× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 6267e3c1ecda1268086b97e6be85ab3d2cf81fa69b6fea8d44dc77109d034e74
File name: yownvshy.bin
Detection ratio: 11 / 67
Analysis date: 2018-06-27 12:37:37 UTC ( 10 months, 3 weeks ago ) View latest
Antivirus Result Update
AegisLab Troj.W32.Gen.lLnX 20180627
Avast FileRepMetagen [Malware] 20180627
AVG FileRepMetagen [Malware] 20180627
Avira (no cloud) TR/Crypt.XPACK.Gen7 20180627
Bkav W32.eHeur.Malware03 20180627
Cylance Unsafe 20180627
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
Microsoft Trojan:Win32/Totbrick.H 20180627
Palo Alto Networks (Known Signatures) generic.ml 20180627
Webroot W32.Trojan.Gen 20180627
Ad-Aware 20180627
AhnLab-V3 20180627
Alibaba 20180627
ALYac 20180627
Antiy-AVL 20180627
Arcabit 20180627
Avast-Mobile 20180627
AVware 20180627
Babable 20180406
Baidu 20180627
BitDefender 20180627
CAT-QuickHeal 20180627
ClamAV 20180627
CMC 20180627
Comodo 20180627
CrowdStrike Falcon (ML) 20180530
Cybereason 20180225
Cyren 20180627
DrWeb 20180627
eGambit 20180627
Emsisoft 20180627
ESET-NOD32 20180627
F-Prot 20180627
F-Secure 20180627
Fortinet 20180627
GData 20180627
Ikarus 20180627
Jiangmin 20180627
K7AntiVirus 20180627
K7GW 20180627
Kaspersky 20180627
Kingsoft 20180627
Malwarebytes 20180627
MAX 20180627
McAfee 20180627
McAfee-GW-Edition 20180627
eScan 20180627
NANO-Antivirus 20180627
Panda 20180626
Qihoo-360 20180627
Rising 20180627
SentinelOne (Static ML) 20180618
Sophos AV 20180627
SUPERAntiSpyware 20180627
Symantec 20180627
Symantec Mobile Insight 20180626
TACHYON 20180627
Tencent 20180627
TheHacker 20180624
TrendMicro 20180627
TrendMicro-HouseCall 20180627
Trustlook 20180627
VBA32 20180626
VIPRE 20180627
ViRobot 20180627
Yandex 20180627
Zillya 20180626
ZoneAlarm by Check Point 20180627
Zoner 20180627
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-06-27 07:48:40
Entry Point 0x0000FBC7
Number of sections 4
PE sections
PE imports
HeapFree
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
VirtualProtect
GetCurrentProcess
GetCurrentProcessId
UnhandledExceptionFilter
GetProcAddress
InterlockedCompareExchange
GetProcessHeap
InterlockedExchange
SetUnhandledExceptionFilter
GetStartupInfoA
GetSystemTimeAsFileTime
TerminateProcess
VirtualFree
Sleep
IsBadReadPtr
HeapAlloc
GetCurrentThreadId
VirtualAlloc
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flags@ios_base@std@@QBEHXZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?eof@?$char_traits@D@std@@SAHXZ
?good@ios_base@std@@QBE_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?length@?$char_traits@D@std@@SAIPBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?width@ios_base@std@@QBEHXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?width@ios_base@std@@QAEHH@Z
__p__fmode
realloc
memset
__dllonexit
_stricmp
_controlfp_s
_invoke_watson
_cexit
?terminate@@YAXXZ
isalnum
_lock
__p__commode
_onexit
_amsg_exit
exit
_XcptFilter
_encode_pointer
__setusermatherr
_decode_pointer
_crt_debugger_hook
_acmdln
_ismbblead
_unlock
_adjust_fdiv
free
__CxxFrameHandler3
_except_handler4_common
__getmainargs
_initterm
_initterm_e
memcpy
_configthreadlocale
_exit
__set_app_type
Number of PE resources by type
RT_MANIFEST 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

SubsystemVersion
5.0

MachineType
Intel 386 or later, and compatibles

TimeStamp
2018:06:27 09:48:40+02:00

FileType
Win32 EXE

PEType
PE32

CodeSize
70144

LinkerVersion
9.0

FileTypeExtension
exe

InitializedDataSize
347136

ImageFileCharacteristics
No relocs, Executable, 32-bit

EntryPoint
0xfbc7

OSVersion
5.0

ImageVersion
0.0

UninitializedDataSize
0

File identification
MD5 beac135dace12faa4d2a91a9d4a014fb
SHA1 716902e57285e59875a8952e63edc4492230c028
SHA256 6267e3c1ecda1268086b97e6be85ab3d2cf81fa69b6fea8d44dc77109d034e74
ssdeep
6144:xmXqr2kgYrOirInHCdUMK2T1MXHZqzPQmULczSMF8lC2j52TLIuzRu+UHHHVn0:cadgYqirIC2vbX51xL8F1212JduzHHV0

authentihash e6b207ebc2834dd28d547a4184707e3ae85acc07fde4d0073cea2d2aed3ceaba
imphash 843cd8583f2cdf900ae9aec5237d6f6b
File size 408.5 KB ( 418304 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (33.7%)
Win64 Executable (generic) (29.8%)
Microsoft Visual C++ compiled executable (generic) (17.8%)
Win32 Dynamic Link Library (generic) (7.1%)
Win32 Executable (generic) (4.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-27 11:57:44 UTC ( 10 months, 3 weeks ago )
Last submission 2018-06-30 23:04:15 UTC ( 10 months, 3 weeks ago )
File names output.113519432.txt
yownvshy.bin
kuketl.exe.11.dr
beac135d.gxe
mo.bin
kuketl.exe.13.dr
dmtgsp.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Created processes
Opened mutexes
Runtime DLLs